πUnited States
Application Security Engineer
closed
dLocal
πRemote - Brazil, Uruguay
Summary
The job is for a Security Engineer at dLocal, a global team that simplifies payment expansion in emerging markets. The role involves implementing a software assurance model, performing security design reviews, code reviews, and triaging security vulnerabilities. The position offers flexible work culture with travel, health, learning benefits, among others.
Requirements
- Strong proficiency in at least one programming language like Java and/or NodeJS and also knowledge in any scripting languages
- Hands-on experience working with developers in building a software assurance model
- Demonstrate the ability to manually fix/mitigate security flaws on web applications and APIs code-level
- Experience designing secure web services, APIs and microservice architectures
- Familiarity with threat modeling frameworks in cloud-base environments (OWASP, STRIDE, MITRE, etc)
- Experience with application/development security tools including but not limited to: Burp Suite, Qualys/WAS (or similar), Checkmarx (or similars), Bitbucket (or similars), Jenkins, Docker, etc)
- Familiarity with implementation and maintenance of SAST/DAST/IAST/SCA security sensors in a development pipeline
- In-depth knowledge of OWASP10, SANS25 and other world-known application security frameworks
- Understanding of a complete SDLC and how to make it secured (S-SDLC)
- Familiarity with Cloud platforms (AWS or equivalent)
- Ability to lead people to problem resolution when it comes to Security (Integrate teams, specially Engineering Team)
- Effective written and oral communication involving both business and technical sides of the business
- Quickly identify issues and solve them
- Ability to present technical risks to broader audience (both written and spoken)
Responsibilities
- Implement a software assurance model
- Perform security design reviews for new features and product releases
- Perform code reviews and advise developers on remediation techniques
- Design controls to detect and respond to common attacks on our platform
- Triage and respond to external inquiries around security vulnerabilities
- Facilitate internal training on various security topics to raise awareness and interest
Preferred Qualifications
- Certified in any related security development certifications like CSSLP, CASE or others
- Exposure to PCI-DSS framework or any other relevant security standard will be valued
- Extensive knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scale
- Have had developed a personal or enterprise software/script with focus on security (exploitation of vulnerabilities, hardening automation, API integration for security)
Benefits
- Flexible work culture
- Travel
- Health benefits
- Learning benefits
This job is filled or no longer available
Similar Remote Jobs
πUnited States
πUnited States

πAustralia

πNew Zealand

πAustralia
π°$150k-$175k
πUnited States
πArgentina, Colombia
πUnited States
πPoland